<?php	
	
	require $_SERVER["DOCUMENT_ROOT"] . '/manage/database.php';
	
	function updateDB($info)
	{
		$username	=	$info[0]["cn"][0];
		$displayname=	$info[0]["displayname"][0];
		$first 		= 	$info[0]["givenname"][0];
		$initial 	= 	$info[0]["initials"][0];
		$last		=	$info[0]["sn"][0];
		$stuid		=	$info[0]["employeenumber"][0];
		$major		=	$info[0]["udmajor"][0];
		$grade		=	$info[0]["udgradelevel"][0];
		$mail		=	$info[0]["mail"][0];
		$altmail	=	$info[0]["udaltemail"][0];
		$address	=	$info[0]["l"][0];
		$zip		=	$info[0]["postalcode"][0];
		$phone		=	$info[0]["udpreferredphone"][0];
		
		$query = sprintf("SELECT cn FROM ldap WHERE cn='%s'", mysql_escape_string($username));
		$result = mysql_query($query) or die(mysql_error());
		$numrows = mysql_affected_rows();
		
		$query = sprintf("UPDATE ldap SET displayname='%s', first='%s', initial='%s', last='%s', studentid='%s', major='%s', grade='%s', mail='%s', altmail='%s', address='%s', zip='%s', phone='%s' WHERE cn='%s'",
			mysql_escape_string($displayname),
			mysql_escape_string($first),
			mysql_escape_string($initial),
			mysql_escape_string($last),
			mysql_escape_string($stuid),
			mysql_escape_string($major),
			mysql_escape_string($grade),
			mysql_escape_string($mail),
			mysql_escape_string($altmail),
			mysql_escape_string($address),
			mysql_escape_string($zip),
			mysql_escape_string($phone),
			mysql_escape_string($username));
		$result = mysql_query($query) or die(mysql_error());
		if ($numrows == 0 && mysql_affected_rows() == 0)
		{
		// No records updated, so add it
		$query = sprintf("INSERT INTO ldap (cn, displayname, first, initial, last, studentid, major, grade, mail, altmail, address, zip, phone) VALUES ('%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s')",
			mysql_escape_string($username),
			mysql_escape_string($displayname),
			mysql_escape_string($first),
			mysql_escape_string($initial),
			mysql_escape_string($last),
			mysql_escape_string($stuid),
			mysql_escape_string($major),
			mysql_escape_string($grade),
			mysql_escape_string($mail),
			mysql_escape_string($altmail),
			mysql_escape_string($address),
			mysql_escape_string($zip),
			mysql_escape_string($phone));
		$return = mysql_query($query) or die(mysql_error());
		} 
	}
	
	function ldapLogin($username, $password)
	{
		$server = "ldap.udayton.edu";
		
		// The first step is to obtain the dn for the user
		// This is done through the anonymous access
		
		$ldapconn = ldap_connect($server);
		
		ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
		
		// Make the anonymous binding
		$ldapbind = @ldap_bind($ldapconn);
		
		// Find the username
		$sr=ldap_search($ldapconn, "ou=Users,o=UofD", "cn=" . $username);
		$info = ldap_get_entries($ldapconn, $sr);
		
		// Obtain the dn
		$dn = $info[0]["dn"];
		
		ldap_close($ldapconn);
		
		// Make a new connection
		$ds=ldap_connect($server);
		
		// Make the binding using the dn obtained above and user's password
		$r=@ldap_bind($ds, $dn, $password);
	
		// Find the user's entry
		$sr=ldap_search($ds, "ou=Users,o=UofD", "cn=" . $username);  
		
		$info = ldap_get_entries($ds, $sr);
		
		// If a student id number is obtained then the login was successful
		if( $info[0]['employeenumber'][0])
		{
			updateDB($info);
			return User::getByUsername($username);
		}
		else
		{
			return 0;
		}
		
		ldap_close($ds);
	}
		
?>